HB1PMS > TECH 08.02.20 19:11l 74 Lines 3443 Bytes #999 (0) @ WW
BID : 1677HB1PMS
Read: GAST
Subj: Using WhatsApp on Your Computer Could Put Your Fil
Path: DBO595<DBX320<FRB024<NL3TD<NL3PRC<GY1BBS<HB1BBS
Sent: 200208/0940Z 7730@HB1BBS.ZL.NLD.EU BPQ6.0.19
Van: HB1PMS@HB1BBS.ZL.NLD.EU
Using WhatsApp on Your Computer Could Put Your Files at Risk
February 6, 2020 | Malware and Vulnerabilities
The desktop platform of WhatsApp has more than 1.5 billion monthly active
users.
The flaw affected WhatsApp desktop versions prior to 0.3.9309 when paired
with WhatsApp for iPhone versions prior to 2.20.10.
Researchers have reported a vulnerability in the WhatsApp desktop client,
when paired with WhatsApp for iPhone, that puts victims' files on their
computers at risk.
What happened?
Researcher Gal Weizman of PerimeterX found a JavaScript vulnerability in the
WhatsApp desktop platform that could allow cybercriminals to infiltrate
systems with loaded malware.
Hackers could enter through notification messages that appear completely
normal to unsuspecting users.
Tracked as CVE-2019-18426, the cross-site scripting flaw could potentially
allow an attacker to reach the local file system of a user simply by sending
a specially crafted message.
How does it work?
The vulnerability appeared in the Windows and Mac versions of the app, in
the part that manages banners, or previews, of web links in messages.
The JavaScript code attached to a malicious banner could bypass protection
mechanisms and access the local file system of the victim.
According to the researcher, the heart of the flaw lies in the Chromium
browser engine in the application framework Electron.
WhatsApp relies on it to provide a user interface for its desktop client.
Though the cross-site scripting (XSS) bug had been patched in Chromium some
time earlier, WhatsApp used an older version of Electron, which is based on
Chromium.
Explaining further, Weizman said, "Electron is a cool platform that lets you
create 'native' applications using standard web features. This makes things
super easy for a lot of big companies since it allows them to have one
source code for both their web applications and native desktop applications.
Electron constantly updates along with the platform it is based on,
Chromium."
73 Henk.
======================================================================
_ _ ____ __ ____ ____ _____
| | | | _ \/_ | _ \| _ \ / ____| SYS: Henk (hb1nos@hb1bbs.com)
| |__| | |_) || | |_) | |_) | (___ QTH: Ouwerkerk - JO11XO
| __ | _ < | | _ <| _ < \___ \ BBS: HB1BBS.ZLD.NLD.EU
| | | | |_) || | |_) | |_) |____) | QRV: 27.235 MHz (FM 1200bps)
|_| |_|____/ |_|____/|____/|_____/ WEB: www.hb1bbs.com
======================================================================
** Host of BPQ Netrom/Node NLDHUB::NL9HUB 85.214.163.10 UDP 93
======================================================================
** This message is generated with Sally 7.2.033
----------------------------------------------------------------------
** Timed zaterdag 08 februari 2020 10:34 West-Europa (standaardtijd)
** BBS HB1PMS@HB1BBS.ZL.NLD.EU
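The affected-version condition stated in the article (desktop prior to
0.3.9309 paired with iPhone prior to 2.20.10) can be checked over an
inventory as below. This is an added example, not code from the article or
from WhatsApp; the host names, sample versions and status labels are
constructed for illustration.

```javascript
// Fixed versions as stated in the article for CVE-2019-18426.
const FIXED = { desktop: "0.3.9309", iphone: "2.20.10" };

// Parse a dotted numeric version into integers; null if malformed.
function parseVersion(v) {
  if (typeof v !== "string" || !/^\d+(\.\d+)*$/.test(v.trim())) return null;
  return v.trim().split(".").map(Number);
}

// Numeric, component-wise comparison. A plain string comparison would rank
// "2.20.9" above "2.20.10" and hide an affected iPhone build.
function compareVersions(a, b) {
  const n = Math.max(a.length, b.length);
  for (let i = 0; i < n; i++) {
    const d = (a[i] || 0) - (b[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Classify one desktop/iPhone pairing. The article describes the flaw as
// applying when BOTH sides are older than their fixed versions. Unparseable
// input is returned as "unknown" so it is reviewed instead of passing.
// Status labels are hypothetical names chosen for this example.
function classifyPairing(desktop, iphone) {
  const d = parseVersion(desktop);
  const p = parseVersion(iphone);
  if (!d || !p) return "unknown";
  const desktopOld = compareVersions(d, parseVersion(FIXED.desktop)) < 0;
  const iphoneOld = compareVersions(p, parseVersion(FIXED.iphone)) < 0;
  if (desktopOld && iphoneOld) return "affected";
  if (desktopOld || iphoneOld) return "partially-updated";
  return "fixed";
}

// Audit a list of { host, desktop, iphone } records.
function auditInventory(rows) {
  return rows.map((r) => ({ host: r.host, status: classifyPairing(r.desktop, r.iphone) }));
}

// Constructed sample inventory (hosts and versions are made up).
const inventory = [
  { host: "ws-001", desktop: "0.3.9308", iphone: "2.20.9" },
  { host: "ws-002", desktop: "0.3.9309", iphone: "2.20.9" },
  { host: "ws-003", desktop: "0.3.9309", iphone: "2.20.10" },
  { host: "ws-004", desktop: "n/a", iphone: "2.20.10" },
];
console.log(auditInventory(inventory));
```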